Re: Setting Up LMHost File? (DNS problem on VPN).



If routing and name resolution worked before, what is different about the way you have set up the VPN connection?

What equipment are you using to set up the site to site VPN? Does machine to machine routing work between sites using IP addresses? Does it work with FQDN?

"Andrew Staley" <andrew@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:A94D7F49-50CE-4F06-A83B-1EEBD501FDD9@xxxxxxxxxxxxxxxx
What sort of problems are we likely to encounter? This is the system that we currently have in place, currently using a BT leased line.

The BT routers are configured to purely connect to the router this side without touching the internet. All I'm looking to do is essentially replace the BT routers with our own so we have control over them, the line speeds etc will be slightly quicker on the upload/download side, so should be a little better than what BT provide. And a damn sight cheaper.

We have around 17 remote sites so using a DC for each would be expensive, and I can't see a benefit at the moment. Not to mention that I have nowhere near the experience needed to make it work.

Currently this one remote office is being used as a test site to see if it works.


"Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:eyBa8cxcIHA.484@xxxxxxxxxxxxxxxxxxxxxxx
Andrew Staley <andrew@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

(Pardon my rudely jumping in)

There is just one domain.

That's good.

The headoffice has the only DC, which is
also the DNS server.

That's not so good. Each of your offices should have a DC (and DNS/DHCP/GC),
set up in its own AD site/subnet. Your remote clients should not be
authenticating to a DC on the other side of a VPN connection - it's going to
cause tons of problems over time. The DCs in the remote offices don't have
to be fancy high-end PCs.

The headoffice is on 192.168.1.0, the remote
office is on 192.168.19.0. Both firewalls are setup as
192.168.x.250, and have the subnet listed for each side.

The remote site is on a standard ADSL line with a static IP and I've
configured the Firewall/Router to take its settings from the ISP,
which includes the DNS.

On the WAN interface, fine. But if you mean internally, your remote
firewalls run DHCP which dishes out something other than the AD-integrated
DNS IP, then you'll have problems.

The remote network is configured with static
IPs,

Not necessary, and a bit of a pain if you're expected to do any kind of
central administration.

and the default gateway points to the router. The DNS settings
are then set as 192.168.1.xx.

Ah.

Note - there is absolutely no need to mask your private IP addresses like
this, and it will only confuse matters.

"Bill Grant" <not.available@online> wrote in message
news:uihIeztcIHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
That makes a big difference. With a site to site VPN, you should
really be using the same techniques as you use on any other routed
network. Are all the machines in the same domain? Do you have a DC
in each site? If you want to have Netbios name resolution you will need
to have all machines using the same WINS server (or if you have WINS set up
in each site, you need to set them to replicate).

We really need a lot more info about the setup. Is there one
domain or two? Do you have a DC and/or DNS server in each site, or
just one?

"Andrew Staley" <andrew@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:2E2877EB-8638-4C63-A487-05F9966909CE@xxxxxxxxxxxxxxxx
The VPN connection is not on the client machine, I'm not using the
Server 2003 VPN facility. The VPN connection is being done through
the two firewalls as a Site to Site. The network setup is Server
2003 with XP clients.

I had on my test machine the DNS server address setup, is it
possible as the machine wasn't registered that any DNS query was
refused? Before I setup the lmhosts file every time I tried to
register the machine on the network it failed with DC not found,
after the lmhosts file it registered no problem and resolved my
problem.

Sorry if this is a bit vague, but a lot of this is new to me and I
have no one in the company to point me in the direction with this
type of thing. I've been chucked in at the deep end so to speak,
and find I have to rely on any information I can find on the
internet. Fortunately the company I work for are happy for me to go on
courses to improve my knowledge with the networks and servers, so
I'll be arranging those within the next few months.

"Bill Grant" <not.available@online> wrote in message
news:Oc91pdtcIHA.1188@xxxxxxxxxxxxxxxxxxxxxxx
You put the DNS suffix in the connection properties of the VPN
connection on the client machine.

Are you running an NT domain? If not, using DNS is a better
arrangement for name resolution. W2k and later do not use the
Netbios name of the domain for domain logon.

"Andrew Staley" <andrew@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:E19CCA12-CF1C-46D7-BAA2-0B67B180AC06@xxxxxxxxxxxxxxxx
Thank you for the reply. Where would I manually code the DNS
suffix in? For the moment I have a workaround in place which was
to create a lmhosts file listing the Domain Master Browser, as
soon as this was applied I could ping by name. Which I'm
guessing is doing the same thing as I specified #DOM:MY_DOMAIN. Once
this was done I could then register the machine on the
domain and even worked as expected.

"Bill Grant" <not.available@online> wrote in message
news:eJ4$oEpcIHA.5900@xxxxxxxxxxxxxxxxxxxxxxx
LMHOSTS really has no relationship to DNS. DNS knows nothing
about Netbios names and the computer browser service. LMHOSTS is
used with the Netbios naming service. The name server for this
is WINS. The static file for DNS-style names is called HOSTS.

The remote user should be able to use the DNS service on your
LAN. It should get the DNS server address as part of the VPN
setup negotiation. Check if the client can resolve a LAN machine
using its FQDN (eg servername.mydomain.lcl). If this works, DNS
is working correctly. All you need to resolve names using just
the machine name is to manually code your DNS suffix into the
connection properties of the client. Then when you try to
resolve servername, the DNS suffix mydomain.lcl will be added to
the query and it should work.

"Andrew Staley" <andrew@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:8E92FD6E-E251-4805-83D7-0D79DDB6BE75@xxxxxxxxxxxxxxxx
I've not long taken a career change into IT, having always had
an interest in computing. So I have a reasonable grasp on
computers, but still have a lot to learn about servers and
networking it seems. So I apologise for the long winded post.

Currently we have several remote offices connected to our
domain on a private network setup by BT, after several bad
incidences with BT we have decided to look at ditching them and
setting up our own VPN system into the domain.

As things would have it, we are moving one of the remote
offices and decided now would be a good time to trial the idea
to see if it is workable and what sort of pitfalls we might fall
into. So I've got a VPN setup between the remote office and our head
office. Which is setup;

Remote Computer>Router/ADSL Modem (Netgear
FVS318)>Internet>Router>Firewall (Prodigy P100)>Internal
Network. Remote computer is on 192.168.30.0, internal network
is on 192.168.1.0.

From the remote computer I can ping the servers via IP address,
so the VPN is up and running. But I can't ping them via name
(I.E Srv1), now I know this is a DNS issue, but I don't know
how to resolve it. One suggestion that was made on another
forum is to setup a LMHosts file with the details.

My question is, when I setup a LMHosts file is it enough just to
enter;

192.168.1.100 Srv1 #PRE #DOM:DOMAIN_NAME

Or do I also need to enter the NetBIOS hex codes as well for the
Master Browser and DC?

Thanks in advance, AStaley.
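
The LMHOSTS entry asked about in the original question, and the quoted form that carries a NetBIOS "hex code" (0x1B for the Domain Master Browser, 0x1C for the domain controllers group), can be checked mechanically. The following is an added example, not part of the thread: a small Python checker whose function names and second and third sample lines are constructed for illustration.

```python
import ipaddress
import re

ENTRY = re.compile(r'^(\S+)\s+("[^"]*"|\S+)\s*(.*)$')
SPECIAL = re.compile(r'^(.{15})\\0x([0-9A-Fa-f]{2})$')  # 15 padded chars + 16th byte

def parse_lmhosts_line(line):
    """Parse one LMHOSTS line; None for blanks/comments, ValueError if malformed."""
    line = line.strip()
    if not line or line.startswith("#"):   # comments and #INCLUDE-style directives
        return None
    m = ENTRY.match(line)
    if not m:
        raise ValueError("expected: <ip> <name> [#PRE] [#DOM:<domain>]")
    ip, name, rest = m.groups()
    ipaddress.IPv4Address(ip)               # raises ValueError on a bad address
    entry = {"ip": ip, "name": name, "suffix": None, "preload": False, "domain": None}
    if name.startswith('"'):
        s = SPECIAL.match(name[1:-1])
        if not s:
            raise ValueError("quoted name must be 15 padded characters then \\0xNN")
        entry["name"], entry["suffix"] = s.group(1).rstrip(), int(s.group(2), 16)
    elif len(name) > 15:
        raise ValueError("NetBIOS names are at most 15 characters")
    for tok in rest.split():
        if tok == "#PRE":                   # keywords matched in upper case only
            entry["preload"] = True
        elif tok.startswith("#DOM:") and len(tok) > 5:
            entry["domain"] = tok[5:]
        else:
            break                           # anything else is a trailing comment
    return entry

def audit(text):
    """Return (entries, errors) for LMHOSTS content given as a string."""
    entries, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            entries.append(parse_lmhosts_line(line))
        except ValueError as exc:
            errors.append((n, str(exc)))
    return [e for e in entries if e], errors

# Constructed sample: line 1 is the entry from the post, lines 2-3 are illustrative.
SAMPLE = "\n".join([
    "192.168.1.100 Srv1 #PRE #DOM:DOMAIN_NAME",
    '192.168.1.100 "' + "DOMAIN_NAME".ljust(15) + r'\0x1B" #PRE',
    r'192.168.1.100 "DOMAIN_NAME\0x1C" #PRE',   # malformed: name not padded to 15
])
```
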





